TITLE: A software protection system using a single-key cryptosystem, a hardware-based
authorization system and a secure coprocessor.

PUBN-DATE: May 11, 1988

INVENTOR-INFORMATION:

NAME COUNTRY 
CHANDRA, ASHILESHWARI NARAIN 
COMERFORD, LIAM DAVID 
WHITE, STEVE RICHARD 

ASSIGNEE-INFORMATION: 

NAME COUNTRY 
IBM US 
The invention provides a software asset protection
mechanism which is based on the separation of the software to be protected from the
right to execute that software. Protected software can only be executed on
composite computing systems in which a physically and logically secure coprocessor
(15) is associated with a host computer (10). The software to be protected is
broken down into a protected (encrypted) portion FILE2 EAK and an (optional)
unprotected or plain text portion FILE2 PLAIN. The software is distributed by any
conventional software distribution mechanism (for example a floppy disk) including
the files already identified along with an encrypted software decryption key FILE1.
The coprocessor is capable of decrypting the software decryption key so it can
thereafter decrypt the software for execution purposes. However, the coprocessor
will not perform these functions unless and until the user's right to execute is
evidenced by presentation of a physically secure token (20). The physically secure
token provides to the coprocessor token data in plain text form (the physical
security of the plain text token data is provided by the cartridge within which
token data is stored). The physical properties of that cartridge taken together
with the correspondence between the token data provided by the cartridge and the
encrypted token data evidence the user's right to execute.
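
The authorization flow described in this abstract, as an added sketch that is not code from the patent: the coprocessor decrypts FILE1 only after the plain text token data matches the encrypted token data, and decrypts FILE2 EAK only after that. Assumptions: a SHA-256 counter keystream stands in for the single-key cryptosystem, the coprocessor key `csk` and all function names are hypothetical, and the encrypted token data is assumed to ship alongside FILE1.

```python
import hashlib, hmac, os

def xor_stream(key, nonce, data):
    """Toy single-key cipher: SHA-256 counter keystream (stand-in, not for production)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, data):
    nonce = os.urandom(16)
    return nonce + xor_stream(key, nonce, data)

def unseal(key, blob):
    return xor_stream(key, blob[:16], blob[16:])

class Coprocessor:
    """Models the secure coprocessor (15); keys stay inside this object."""
    def __init__(self, csk):
        self._csk = csk   # hypothetical coprocessor-resident key (assumption)
        self._ak = None   # software decryption key, set only after authorization

    def authorize(self, file1, enc_token, token_data):
        # Plain text token data from the cartridge must match the encrypted token data
        expected = unseal(self._csk, enc_token)
        if not hmac.compare_digest(expected, token_data):
            return False
        self._ak = unseal(self._csk, file1)   # only now is FILE1 decrypted
        return True

    def run_protected(self, file2_eak):
        if self._ak is None:
            raise PermissionError("right to execute not evidenced by a token")
        # Returned here so the result can be checked
        return unseal(self._ak, file2_eak)

def vendor_package(csk, software, token_data):
    """Builds FILE1, FILE2 EAK and the encrypted token data (constructed sample)."""
    ak = os.urandom(32)
    return seal(csk, ak), seal(ak, software), seal(csk, token_data)

def demo():
    csk, token = os.urandom(32), os.urandom(16)   # constructed sample values
    file1, file2_eak, enc_token = vendor_package(csk, b"protected routine", token)
    cp = Coprocessor(csk)
    denied = cp.authorize(file1, enc_token, bytes(16))   # wrong cartridge data
    granted = cp.authorize(file1, enc_token, token)
    return denied, granted, cp.run_protected(file2_eak)
```
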
Computer systems typically provide security by requiring a user logon sequence to
gain access to the system; the logon sequence is often combined with the definition
of groups of resources, providing a means by which specific classes of users are
granted access to specific system resources. For example, with IBM's mainframe-based
VM, a user is given access to various disk or file resources; with PC-based
local area networks (LANs), users are given access to various disk, device, or even
application resources (the entire application being considered as a resource).

SECURITY: Use, copying and distribution of this data is subject to the restrictions in the Agreement For
IBM TDB Database and Related Computer Databases. Unpublished - all rights reserved under the Copyright 
Laws of the United States. Contains confidential commercial information of IBM exempt from FOIA 
disclosure per 5 U.S.C. 552(b)(4) and protected under the Trade Secrets Act, 18 U.S.C. 1905. 

COPYRIGHT STATEMENT: The text of this article is Copyrighted (c) IBM Corporation 1994. All rights 